[OpenIndiana-discuss] Cannot join OpenIndiana client to Samba 4 AD: Message stream modified

[Andrew Martin]

Hello,

I have an OpenIndiana server that I am attempting to join to a Samba 4 Active
Directory domain. I have configured NTP and DNS on OpenIndiana to point at the
domain controllers and have confirmed that timezone and date/time are in sync
with the domain. I then attempted to join the domain:
# smbadm join -u Administrator EXAMPLE.COM
After joining EXAMPLE.COM the smb service will be restarted automatically.
Would you like to continue? [no]: yes
Enter domain password:
Joining EXAMPLE.COM ... this may take a minute ...
failed to join EXAMPLE.COM: UNSUCCESSFUL
Please refer to the system log for more information

/var/adm/messages reveals more detail:
smbd[1649]: [ID 834967 daemon.notice] [smb_ads_join] updating dc=example,dc=com(7) ou from dc=com to cn=Computers,dc=example,dc=com
smbd[1649]: [ID 428747 daemon.notice] [smb_ads_join] dn: dc=example,cn=Computers,dc=example,dc=com, config_ou: cn=Computers,dc=example,dc=com, old_dn: dc=example,dc=com
smbd[1649]: [ID 104551 daemon.notice] [smb_ads_get_default_comp_container_dn], comp_container: cn=Computers,dc=example,dc=com
smbd[1649]: [ID 702911 daemon.error] smbns_ksetpwd: KPASSWD protocol exchange failed (Message stream modified)
smbd[1649]: [ID 702911 daemon.notice] Failed to set machine password.
smbd[1649]: [ID 871254 daemon.error] smbd: failed joining EXAMPLE.COM (UNSUCCESSFUL)

On the domain controller, I see a similar error: [2017/08/18 12:39:29,  1]
[2017/08/18 12:39:29,  1] ../source4/auth/gensec/gensec_krb5.c:823(gensec_krb5_unwrap)
  krb5_rd_priv failed: Message out of order
[2017/08/18 12:39:29,  3] ../source4/kdc/kpasswdd.c:45(kpasswdd_make_error_reply)
  kpasswdd: gensec_unwrap failed: NT_STATUS_ACCESS_DENIED

I believe the OpenIndiana machine is not sending back the proper sequence number
in the KPASSWD changepw request. How can I successfully join this machine to the
domain?

Thanks,

Andrew